ColdFusion Error Log

2018-06-05T23:25:12Z

Caleb.williamson:

==What is the ColdFusion Error Log?==
There are two types of logs that could contain information about your site. First on the list here is the Server error logs, and the second is logs created by using the cflog tag..
 
<ul>
<li>''''ColdFusion Server Errors'''': The errors reported here are errors that your site are throwing in ColdFusion. NOTE: Our production servers should not be used for development, so you should be doing your development work on your local machine. However, if your site is throwing an error, this will give you the ability to see that error.</li>
 
<li>''''cflog tag logging'''': NOTE: We strongly suggest to not use the "information" type. We also suggest to only set the type to "error" or "fatal" on the production servers. ColdFusion writes the logs to a system path. For security purposes, your cflog logs will only appear here if you have given the file name in the cflog tag the name of your domain, without the www. For example, if your domain is your_domain.com you would set the file attribute for the cflog tag like: file="your_domain.com"</li>
</ul>
 

Let's go ahead and show how to view your domains server and application error logs.

==How to access the ColdFusion error logs in WCP==

We'll share the steps needed to get to the ColdFusion error logs below:
 

<ol style="list-style-type: decimal;">
<li>First login to your WCP control panel for the account the domain is under: https://wcp.hostek.com
[[file:wcp_url_secure.png]]
 
If you have any issues with logging into WCP then please see our tutorials on [[Forgot_WCP_Password|recovering your password]] if necessary</li></ol>

 

<ol start="2" style="list-style-type: decimal;">
<li>Once logged into WCP if you have multiple domains you may need to select the appropriate domain to manage using the ''''Hosted Domains'''' drop-down in the top-right of the page as shown in the screenshot below:
[[file:wcp_change_domain.png]]
 
</li></ol>

 

<ol start="3" style="list-style-type: decimal;">
<li>Once in the correct domains WCP control panel click on the ''''ColdFusion Error Logs'''' icon under the ''''ColdFusion'''' section.
[[file:CFErrorButton.PNG]]
 
</li>

===View Server Error Logs===

<ol>
<li>Choose the Server Error Logs tab..
[[File:ServerLogs.PNG]]
</li>

<li>''''Wrap Text''''</li>
This will allow the error text to be wrapped within the text frame to prevent the need for scrolling to see the entire message.
[[File:WrapText.PNG]]

<li>''''Hours''''</li>
Allows you to choose the amount of hours you wish to view logs for. (1-24 hours)
[[File:Hours.PNG]]

<li>Click the ''''Update'''' button.</li>
This will populate the Server Error Logs text box with any related error logs.
[[File:Update.PNG]]

<li>''''Server Error Logs'''' text box.</li>
This box will display the server error logs for your domain within the time frame you have choosen.
[[File:ServerLogs2.PNG]]
</ol>

===View Application Error Logs===

<ol>
<li>Choose the Application Error Logs tab.
[[File:ApplicationLogs.PNG]]
</li>

<li>''''Wrap Text''''</li>
This will allow the error text to be wrapped within the text frame to prevent the need for scrolling to see the entire message.
[[File:WrapText.PNG]]

<li>''''Hours''''</li>
Allows you to choose the amount of hours you wish to view logs for. (1-24 hours)
[[File:Hours.PNG]]

<li>''''Purge Logs''''</li>
The purge logs button allows you to clear out all application error logs for your domain.
[[File:Purge.PNG]]

<li>Click the ''''Update'''' button.</li>
This will populate the Server Error Logs text box with any related error logs.
[[File:Update.PNG]]

<li>''''Application Logs'''' text box.</li>
This box will display the server error logs for your domain within the time frame you have choosen.
[[File:ApplicationLogsText1.PNG]]
</ol>

[[Category:WCP (Windows based Control Panel)]]

Protect and lock down Wordpress

2017-10-13T18:32:30Z

Caleb.williamson: /* Windows Server */

__FORCETOC__

==How to Protect WordPress==
===Windows Server===
#Edit or Create a file named .htaccess within the directory of your WordPress installation (yes, the file starts with .)
#Place this code in the .htaccess file (this example assumes your IP is 123.123.123.123). Click to see your [http://hostek.com/ip IP].
RewriteEngine On
RewriteCond %{REQUEST_URI} ^(.*)?xmlrpc\.php(.*)$ [OR]
RewriteCond %{REQUEST_URI} ^(.*)?wp-login\.php(.*)$ [OR]
RewriteCond %{REQUEST_URI} ^(.*)?admin-ajax\.php(.*)$ [OR]
RewriteCond %{REQUEST_URI} ^(.*)?wp-admin$
RewriteCond %{REMOTE_ADDR} !^123\.123\.123\.123$
RewriteRule .* http://0.0.0.0/Please_check_your_htaccess_file_or_contact_your_hosting_provider_for_assistance [R=301]

NOTE: If you need to allow access from more than 1 IP replace the REMOTE_ADDR line with this example and update accordingly
RewriteCond %{REMOTE_ADDR} !^123\.123\.123\.123$

'''What this does:''' The above rule locks down the Wordpress dashboard, as well as the ability for the wordpress api ( xmlrpc ) to be attacked. The xml-rpc file essentially allows for outside applications to "interact" and "communicate" to your wordpress site in ways you may not want to. The reason for locking down the WordPress dashboard is because Wordpress is widely targeted around the world for potential vulnerabilities. Attackers will attempt to find common vulnerabilities known for each version of WordPress and will attempt to get in and compromise your site.

The 'admin-ajax.php' file is being locked down because this file is commonly targeted by attackers to hurt your site and server performance. This file is very resource heavy as it takes up a lot of CPU. It is very uncommon for this to ever be used as it's a wordpress heartbeat API. If you do need this file enabled then I'd recommend locking it down to specific IP Addresses.

===Linux Server===
#Edit or Create a file named .htaccess within the directory of your WordPress installation (yes, the file starts with .)
#Place this code in the .htaccess file (this example assumes your IP is 123.123.123.123). Click to see your [http://hostek.com/ip IP].

<pre><FilesMatch 'wp-login|admin-ajax.php|wp-admin|xmlrpc.php'>
RewriteEngine On
RewriteCond %{REMOTE_ADDR} !123.3123.123.123
RewriteRule .* http://0.0.0.0/Please_check_your_htaccess_file_or_contact_your_hosting_provider_for_assistance [R=301]
</FilesMatch></pre>

NOTE: If you need to allow access from more than 1 IP replace the REMOTE_ADDR line with this example and update accordingly
RewriteCond %{REMOTE_ADDR} !123.123.123.123

'''What this does:''' The above rule locks down the Wordpress dashboard, as well as the ability for the wordpress api ( xmlrpc ) to be attacked. The xml-rpc file essentially allows for outside applications to "interact" and "communicate" to your wordpress site in ways you may not want to. The reason for locking down the WordPress dashboard is because Wordpress is widely targeted around the world for potential vulnerabilities. Attackers will attempt to find common vulnerabilities known for each version of WordPress and will attempt to get in and compromise your site.

The 'admin-ajax.php' file is being locked down because this file is commonly targeted by attackers to hurt your site and server performance. This file is very resource heavy as it takes up a lot of CPU. It is very uncommon for this to ever be used as it's a wordpress heartbeat API. If you do need this file enabled then I'd recommend locking it down to specific IP Addresses.

[[Category:WordPress]]

Hostek.com Wiki - User contributions [en]

ColdFusion Error Log

Protect and lock down Wordpress